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Ex parte SEAN BRENNAN 



Appeal 2007-3485 
Application 10/050,752 
Technology Center 2 1 00 



Decided: June 16, 2008 



Before JOSEPH L. DIXON, HOWARD B. BLANKENSHIP, and 
JAY P. LUCAS, Administrative Patent Judges. 

DIXON, Administrative Patent Judge. 

DECISION ON APPEAL 
This is a decision on appeal under 35 U.S.C. § 134 from the 
Examiner's final rejection of claims 4, 5, 7-13, and 16-34. Claims 1-3, 14, 
and 15 have been withdrawn from consideration after a restriction 
requirement, and claims 6, 24-27, and 31-34 have been canceled. We have 
jurisdiction under 35 U.S.C. § 6(b). 
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We AFFIRM. 



BACKGROUND 

Appellant's invention relates to a system and method for 

accomplishing two-factor user authentication using the Internet. An 

understanding of the invention can be derived from a reading of exemplary 

claim 4 which is reproduced below. 

4. A method of accomplishing two-factor user 
authentication, comprising: 

providing first and second user authentication methods, wherein 
the first and second user authentication methods are selected to 
authenticate at least two factors associated with the user; 

enabling a user to communicate authentication data for both 
authentication methods to a first web site using the internet; 

authenticating the user at the first web site using the first 
authentication method; 

enabling the communication of at least some of the 
authentication data from the first web site to a second web site using 
the internet; 

authenticating the user at the second web site based on the 
authentication data transferred from the first web site using the second 
authentication method; and 

wherein both web sites are involved in user authentication using 
the authentication data and wherein access to content on the first web 
site is restricted if the user is not authenticated to both web sites. 
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PRIOR ART 

The prior art references of record relied upon by the Examiner in 
rejecting the appealed claims are: 

Ying US 6,853,980 Bl Feb. 8, 2005 

Tan US 2001/0045451 Al Nov. 29, 2001 

Krueger US 2002/0077837 Al Jim. 20, 2002 

Aladdin. "eToken: The Key to Security for the Internet Age", July 20, 

2000. 

RSA Security, Inc. "RSA Web Security Portfolio - How RSA SecurlD 
Agents Can Secure Your Website", August 2000. 

Stallings, William. Network Security Essentials, Applications and 
Standards, Prentice- Hall, Inc., pp. 203-223. 

REJECTIONS 

Claims 4-5, 7-9, 18, 21, and 28 stand rejected under 35 U.S.C. 103(a) 
as being unpatentable over Ying and Krueger. 

Claims 10-12, 19-20, 22, 23, 29, and 30 stand rejected under 35 
U.S.C. 103(a) as being unpatentable over Ying and Krueger further view of 
RSA. 

Claim 13 stands rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ying, Krueger and RSA further view of Tan and Aladdin. 

Claims 16-17 stands rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ying, Krueger and RSA further in view of Stallings. 
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Rather than reiterate the conflicting viewpoints advanced by the 
Examiner and Appellant regarding the above-noted rejection, we make 
reference to the Examiner's Answer (mailed Jan. 17, 2007) for the reasoning 
in support of the rejections, and to Appellant's Brief (filed Oct. 18, 2006) for 
the arguments thereagainst. 

OPINION 

In reaching our decision in this appeal, we have given careful 
consideration to Appellant's Specification and claims, to the applied prior art 
references, and to the respective positions articulated by Appellant and the 
Examiner. As a consequence of our review, we make the determinations 
that follow. 

35U.S.C. § 103(a) 

"Section 103 forbids issuance of a patent when 'the differences 
between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in 
the art to which said subject matter pertains.'" KSR Int'l Co. v. 
Teleflexlnc, 127 S. Ct. 1727, 1734 (2007). 

In KSR, the Supreme Court emphasized "the need for caution in 
granting a patent based on the combination of elements found in the prior 
art," Id. at 1739, and discussed circumstances in which a patent might be 
determined to be obvious. KSR, 127 S. Ct. at 1739 (citing Graham v. John 
Deere Co., 383 U.S. 1, 12 (1966)). The Court reaffirmed principles based 
on its precedent that "[t]he combination of familiar elements according to 
known methods is likely to be obvious when it does no more than yield 
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predictable results." Id. The operative question in this "functional 
approach" is thus "whether the improvement is more than the predictable use 
of prior art elements according to their established functions." Id. at 1740. 

The Federal Circuit recently recognized that "[a]n obviousness 
determination is not the result of a rigid formula disassociated from the 
consideration of the facts of a case. Indeed, the common sense of those 
skilled in the art demonstrates why some combinations would have been 
obvious where others would not." Leapfrog Enters., Inc. v. Fisher-Price, 
Inc., 485 F.3d 1157, 1161 (Fed. Cir. 2007) (citing ASK, 127 S. Ct. 1727, 
1739 (2007)). The Federal Circuit relied in part on the fact that Leapfrog 
had presented no evidence that the inclusion of a reader in the combined 
device was "uniquely challenging or difficult for one of ordinary skill in the 
art" or "represented an unobvious step over the prior art." Id. (citing KSR, 
127 S. Ct. at 1740-41). 

One cannot show nonobviousness by attacking references individually 
where the rejections are based on combinations of references. In re Merck 
& Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). 

However, nonfunctional descriptive material cannot render 
nonobvious an invention that would have otherwise been obvious. In re 
Ngai, 367 F.3d 1336, 1339 (Fed. Cir. 2004). Cf. In re Gulack, 703 F.2d 
1381, 1385 (Fed. Cir. 1983) (when descriptive material is not functionally 
related to the substrate, the descriptive material will not distinguish the 
invention from the prior art in terms of patentability). 
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The Patent and Trademark Office (PTO) must consider all claim 
limitations when determining patentability of an invention over the prior 
art." In relowry, 32 F.3d 1579, 1582 (Fed. Cir. 1994) (citing In re Gulack, 
703 F.2d 1381, 1385 (Fed. Cir. 1983)). "Claims must be read in view of the 
specification, of which they are a part." Markman v. Westview Instruments, 
Inc., 52 F.3d 967, 979 (Fed. Cir. 1995) (en banc). "[T]he PTO gives claims 
their 'broadest reasonable interpretation.'" In re Bigio, 381 F.3d 1320, 1324 
(Fed. Cir. 2004) (quoting In re Hyatt, 211 F.3d 1367, 1372 (Fed. Cir. 2000)). 
"Moreover, limitations are not to be read into the claims from the 
specification." In re Van Geuns, 988 F.2d 1181, 1184 (Fed. Cir. 1993) 
(citing In re Zletz, 893 F.2d319, 321 (Fed. Cir. 1989)). 

At the outset, we note that Appellant has elected to group independent 
claims 4, 21, and 28 together in a group as indicated at page 1 1 of the Brief. 
Therefore, we select independent claim 4 as the representative claim and 
will address arguments thereto. 

From our initial review of the teachings of Ying in view of Krueger, 
we find the combined teachings to teach and fairly suggest the use of 
multiple user authentications or verifications of a user and user's credit card 
information across plural websites to allow a user to access content on the 
first website which is restricted if the user is not authenticated to both 
websites. Clearly, if the credit card information for a user is not verified, 
authenticated, or approved by the second website, the user will not be able to 
access the content (which is the fonts available for purchase) if payment is 
not made. We find this combination clearly teaches the invention as recited 
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in independent claim 4. Therefore, we look to Appellant's responsive 
arguments to show error in the Examiner's initial showing of obviousness 
over the combined teachings of Ying and Krueger. 

Appellant argues that neither Ying nor Krueger teaches or suggests an 
authentication method and system using at least two different factors at two 
or more websites as taught by Appellant and claimed in independent claim 4. 
(App. Br. 12 and 13). Appellant relies upon Appellant's Specification at 
page 9, lines 10-18, to support this position. From our review of Appellant's 
Specification, we find that the relied upon portion is not commensurate in 
scope with the broader language of independent claim 4. Therefore, 
Appellant's reliance thereon is not persuasive of error in the Examiner's 
initial showing of obviousness. 

Appellant argues that it is well-known in the security field that 
authentication can be based upon three factors: (1) what you know, (2) what 
you have, and (3) what you are. Authentication based on one of these 
factors is termed a single-factor authentication and authentication based on 
two of these factors is termed a two-factor authentication. (App. Br. 13). 
Here, Appellant maintains that Appellant teaches adding a token to a 
password authenticated website to authenticate not only what you know 
(password) but also what you have (token). 

Unfortunately, we do not find support in the language of independent 
claim 4 for Appellant's proffered inclusion of a token in independent claim 
14, which is expressly recited in dependent claim 10. Hence, independent 
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claim 4 is broader than the proffered inclusion of a token. Therefore, 
Appellant's argument is not persuasive of error in the Examiner's initial 
showing of obviousness. 

Appellant argues that the portions of Ying relied upon by the 
Examiner do not describe authentication of an end user at a second site or 
server. (App. Br. 14). Appellant argues that Ying described approving or 
verifying an end user's credit card information without authenticating his 
identity at the second server. (App. Br. 14). Here again, Appellant's 
argument regarding authenticating the identity goes beyond the express 
language of independent claim 4 and is not persuasive of error in the 
Examiner's initial showing. 

Appellant argues that credit card "verification" does not attest what 
you know, what you have, or what you are, and is therefore not user 
authentication. (App. Br. 14). We disagree with Appellant wherein a user 
generally has a credit card (tangible item) in his or her possession to read 
and input the appropriate information. Just as with a token which may be 
changing or not. Furthermore, Appellant has not identified any express 
definition or interpretation of any of the recited claim limitations in 
Appellant's Specification with which to further interpret the claim 
limitations at issue. Therefore, we do not find Appellant's argument 
persuasive of error in the Examiner's initial showing of obviousness. 

Appellant argues that the credit card processor in Ying is not an 
authentication method and that the card information is at most what the end 
user "knows" rather than what the end user "has" such as a token-generated 
synchronous code enabling the card information processing server to 
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authenticate the identity of the end user. (App. Br. 15). Again, Appellant's 
argument is not commensurate in scope with the language of independent 
claim 4 and therefore is not persuasive of error in the Examiner's initial 
showing of obviousness. 

Appellant further argues that there must be some suggestion or 
motivation to modify the references or to combine the reference teachings 
and that the relied upon teachings only teach a single factor authentication. 
Here, we disagree with Appellant concerning the single factor authentication 
of the same type. Therefore, we do not find Appellant's argument persuasive 
of error in the Examiner's combination as set forth in the Answer. Since 
Appellant has not shown error in the Examiner's initial showing of 
obviousness of independent claim 4, we will sustain the rejection of 
independent claim 4 and corresponding dependent claims 5, 9, and 18 which 
are grouped therewith by Appellant. 

Appellant additionally includes paragraphs directed to dependent 
claims 7 and 8, but merely sets forth the language of these claims without a 
specific argument for patentability. Therefore, these claims will fall with 
independent claim 4. 

Appellant additionally includes paragraphs directed to independent 
claims 21 and 28, but reiterates the same arguments advanced with respect to 
dependent claim 4. Therefore, these claims will fall with independent claim 
4. 
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With respect to dependent claims 10-12, 19, 20, 22, 23, 29, and 30 
(we note that Appellant has canceled claims 24-27 and 31-34), Appellant 
argues that neither Ying nor Krueger discloses either user identification at a 
second website or a second factor of authentication to an existing single 
factor authentication system and that RSA also fails to show a two factor 
authentication method. We select dependent claim 10 as the representative 
claim for this grouping and address arguments thereto. 

We disagree with Appellant's argument as discussed above with 
respect to the two-factor authentication. Hence, we do not find Appellant's 
argument persuasive of error in the Examiner's initial showing of 
obviousness. Appellant further argues that there is no suggestion or 
motivation to combine RSA with Ying and Krueger, but Appellant provides 
no evidence to show error in the Examiner's proffered motivation. 
Therefore, we do not find Appellant's argument persuasive of error in the 
Examiner's initial showing of obviousness, and we will sustain the rejection 
of dependent claims 10-12, 19, and 20. 

Appellant additionally includes a paragraph directed to dependent 
claim 22, and Appellant presents the same arguments advanced with respect 
to dependent claim 10. Therefore, we do not find Appellant's argument 
persuasive of error in the Examiner's initial showing of obviousness, and we 
will sustain the rejection of dependent claims 22, 23, 29, and 30 as grouped 
therewith by Appellant. 
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CONCLUSION 

To summarize, we have sustained the rejection of claims 4, 5, 7-13, 
16-23, and 28-30 under 35 U.S.C. § 103(a). 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 CFR § 1 .136(a). 

AFFIRMED 
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